diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-09-24 23:59:12 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-01-24 15:16:47 +0100 |
commit | 342e3652c791bdb06e08abcc169b4456c83ccd00 (patch) | |
tree | 87190b58432cd73cc8dd1d4bfd9dfd027f2f236f /crypto | |
parent | 66fc90f18c44cdac0126c35ffedb99ba7a8b9825 (diff) |
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x_all.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index c3f5ee11df..e4c5c16f76 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -63,6 +63,9 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if (sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0 + && !X509_set_version(x, X509_VERSION_3)) + return 0; /* * Setting the modified flag before signing it. This makes the cached @@ -83,6 +86,9 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if (sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0 + && !X509_set_version(x, X509_VERSION_3)) + return 0; x->cert_info.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, |